Hi! I noticed I can create new users for my HA set-up. Can I make a user who is not the admin, but is still able to create new automations? Or at least enable/disable existing automations? My boyfriend wants to set up his own automations, but I don’t want him to accidentally mess mine up.
Try to create a new user, and … try
Hi, thanks for taking the time to answer. I should’ve noted that I’ve created a new user and haven’t been able to find a way of creating or enabling/disabling automations.
Yeah, the “User” component is still “limited”, as mentioned when creating a user.
The user group feature is a work in progress. The user will be unable to administer the instance via the UI. We're still auditing all management API endpoints to ensure that they correctly limit access to administrators.
So you’ll have to be “creative”
Though I’m sure if I (as user) had “rights” to create an automation, I could “accidentally” create one that “affects” yours, as users have access to the same environment/entities.
Edit: in the worst case, create a “loop” (turn on / turn off), or something else that eventually crashes the system.
I’m pretty sure the configuration menu is hidden for non-admins so that might make it difficult. I think you might have to make anyone you want to be able to use the UI editor for automations into an admin.
Just keep in mind, it’s definitely all or nothing. Either your boyfriend can edit all automations or no automations. So if admin access is granted he will be able to mess with yours in addition to making his own. If you’re worried about this perhaps put your name in the automation name or something and say not to touch these. Or move them all to a separate YAML file so they are only editable in YAML and not via the UI.
Thanks a lot for the answers both of you!
You could move your automations to a directory and only allow him to create through the UI to add automations.
In config.yaml
```yaml
automation ui: !include automations.yaml
# -------------------------------------------------
# move automations to a directory
# -------------------------------------------------
automation manual: !include_dir_merge_list automations/
```
You can’t edit automations that are in a directory from the UI.
This is what it gives you in the automations directory if you try to edit.
True, but still the “scary” fact remains … if the right hand doesn’t know what the left hand does … For a HA installation it’s simply not a “good” nor “safe” approach to have 2 individual persons make their “own” automations, when/if they have no idea what the other person has done.
Is this an issue even if we only automate our own entities (e.g. I automate my lamps and switches, he automates his lamps and switches)?
Thank you! I think I’ll go with this suggestion!
Nope, as long as it only comes to that, I don’t see any “system issues”, but that was not your initial use-case.
I.e., how would he “accidentally” mess up yours, if he creates his own … for his lamps/switches?
I understand the hesitancy and agree it is not a preferred practice. If they talk to each other it should work for them or if they are not sharing entities as indicated. It beats installing two systems and the problems that would create.
I would also advise installing HACS Watchman to monitor.
I also assumed they did talk with and trusted each other, but that also seemed “unsure”, as well as it being “only” about automations for their own lights/switches, and not “essential” automations for the house/surveillance/heating system etc. … so basically there is nothing to “worry” about, as long as they just name their automations e.g. my-lamps / your-lamps.
No, should be fine.
The point is just that you can’t really set up a zero trust system here. Ideally you would be certain users are doing the right things because access is set up in such a way that it is impossible for them to do something they aren’t supposed to (like mess with the wrong automation). You just have to trust the people you give access to listen to your rules and follow them since nothing actually stops them from breaking the rules.
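Since nothing in Home Assistant enforces the "each of us only automates our own entities" rule discussed above, one way to check it after the fact is to compare the entities referenced by the UI-managed file and by the manual directory. This is an added example, not code from the thread or from Home Assistant; the sample automations and entity names are constructed, and it scans `entity_id:` keys line by line rather than doing a full YAML parse.

```python
import re

ENTITY_ID = re.compile(r"[a-z_]+\.[a-z0-9_]+")
KEY = re.compile(r"^\s*(?:-\s*)?entity_id:\s*(.*)$")
ITEM = re.compile(r"^\s*-\s*([a-z_]+\.[a-z0-9_]+)\s*$")

def referenced_entities(yaml_text):
    """Entity IDs listed under entity_id: keys (scalar, flow list or block list)."""
    found, in_list = set(), False
    for line in yaml_text.splitlines():
        line = line.split("#", 1)[0].rstrip()  # ignore YAML comments
        key = KEY.match(line)
        if key:
            found.update(ENTITY_ID.findall(key.group(1)))
            in_list = not key.group(1)  # empty value: a block list follows
        elif in_list and ITEM.match(line):
            found.add(ITEM.match(line).group(1))
        elif line.strip():
            in_list = False
    return found

def shared_entities(ui_yaml, manual_yaml):
    """Entities referenced by both the UI-managed file and the manual directory."""
    return sorted(referenced_entities(ui_yaml) & referenced_entities(manual_yaml))

# Constructed sample standing in for automations.yaml (UI-managed).
UI_AUTOMATIONS = """
- alias: his desk lamp at sunset
  trigger:
    - platform: sun
      event: sunset
  action:
    - service: light.turn_on
      target:
        entity_id:
          - light.desk_lamp
          - light.hallway
"""
# Constructed sample standing in for a file under automations/ (manual).
MANUAL_AUTOMATIONS = """
- alias: my hallway on motion
  trigger:
    - platform: state
      entity_id: binary_sensor.hall_motion
  action:
    - service: light.turn_on
      target:
        entity_id: [light.hallway, light.bedroom_lamp]
"""
if __name__ == "__main__":
    print(shared_entities(UI_AUTOMATIONS, MANUAL_AUTOMATIONS))
```

Any entity it reports is one that both people's automations touch, which is where an accidental conflict or on/off loop could come from.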